GHSA-r4gv-qr8j-p3pgHighCVSS 7.5
handlebars.java FileTemplateLoader Path Traversal
🔗 CVE IDs covered (1)
📋 Description
Impact
Any application that passes user-controlled input to Handlebars.compile() using a FileTemplateLoader (or ClassPathTemplateLoader) is vulnerable to arbitrary file read. This is a realistic attack surface for web applications that use template names from URL path parameters, request parameters, or other user-controlled sources.
Patches
com.github.jknack:handlebars:4.5.2
Workarounds
Validate template name is derived from user input.
if (!file.getPath().startsWith(new File(prefix).getCanonicalPath())) {
throw new IOException("Path traversal attempt detected: " + location);
}
🎯 Affected products1
- maven/com.github.jknack:handlebars:< 4.5.2